Personal Information and Privacy Protection Policy

Issuance Date: 28 January 2022

Effective Date: 28 January 2022

HSBC Qianhai Securities Limited(“HSBC Qianhai”, “we” or “us”) take the confidentiality and security of personal information very seriously, and strive at all times to protect personal information and privacy of our customers and other related personal information subject (“you” or “Information Subject”) according to law. We therefore formulate this Personal Information and Privacy Protection Policy (this “Policy”) to help you understand the purposes, methods, and scope of personal information we collect and use, our practices regarding personal information and privacy protection, your rights and interests with regard to personal information and privacy and how to assert your rights and interests. Please read through this Policy carefully and pay particular attention to the provisions that are bolded and/or underlined.

  • For your convenience to understand the purpose and category of personal information we collect when you sign up for our service, we therefore explain them under the particular service scenario.
  • When you sign up for some particular services, we will collect your sensitive personal information (for example, biometric information) after you give us clear, active consent. Refusal on providing consent might affect you use related service, but will not affect you use other services we provided.
  • To provide the service per you request, we might need to share your personal information to third party. We will carefully assess the legitimacy, propriety, and necessity of the data sharing with third party. We will ask the relevant third party take all data protection measures required pursuant to Laws and Regulations. We will in accordance with the requirements of Laws and Regulations, ask for your consent or ask the relevant third party to demonstrate they have received your consent via confirmation agreement, page prompt and/or interactive process.

We fully understand how important your personal information means to you, and we will exert our effort to protect the security of your personal information. We have always been committed to maintain your trust and will stick to below principles to protect your personal information: Right and Responsibility Consistency, Explicit Purpose, Freely Given Consent, Minimum and Necessity, Assurance of information security, Participation, Fair and Transparency. We are also committed to take appropriate security measures to protect your information.

This Policy shall apply to personal information of you and related parties that may be involved when you visit, browse, or use our website or mobile device application, apply for or use any product, device or service of us, handle any business or make any transaction with us, participate in any of our marketing events and surveys, and in any way contact or correspond with us, no matter the information is provided by yourself or by the related parties, or collected or acquired by us from other sources according to law, regulation, regulatory provision, or based on your or related parties’ authorisation or consent.

The table of content of this Policy is set out as below:

    1. How We Protect Your Personal Information
    2. How We Collect Your Personal Information
    3. How We Use Your Personal Information
    4. How We Store Your Personal Information
    5. How We Share, Transfer and Publicly Disclose Your Personal Information
    6. Special Circumstances for Information Processing
    7. How We Use Cookies and Other Technologies
    8. Your Rights Relating to Personal Information
    9. How to Contact Us
    10. Protection of Minors’ Personal Information
    11. Formulation, Effectiveness and Update of this Policy and Others

We shall collect, use, store, disclose, and protect your and related parties’ personal information in accordance with this Policy. We may separately issue specific personal information protection policy tailor made for specific channels, products, services, businesses and activities. The specific personal information protection policy so made shall apply in the specific scenarios as prescribed in such policy. If there is any discrepancy between this Policy and the other agreements entered into or other terms and conditions agreed between you (or relevant parties of which you are a representative or with which you have a relationship) and us, such other agreements or terms and conditions shall prevail.



I. How We Protect Your Personal Information

  1. Information security is our top priority. We will endeavour at all times to safeguard your personal information against unauthorised or accidental access, processing or damage. We maintain this commitment to information security by implementing appropriate physical, electronic and managerial measures to secure your personal information. We will take responsibility in accordance with the law if your information suffers from unauthorised access, public disclosure, erasure or damage for a reason attributable to us and so impairs your lawful rights and interests.
  2. Our website supports advanced encryption technology - an existing industry standard for encryption over the Internet to protect data. When you provide personal sensitive information through our website, it will be automatically converted into codes so as to ensure secure transmission afterwards. Our web servers are protected behind “firewalls” and our systems are monitored to prevent any unauthorised access.
  3. We maintain strict security system to prevent unauthorised access to your personal information. We exercise strict management over our staff members who may have access to your personal information, including but not limited to access control applied to different positions, contractual obligation of confidentiality agreed with relevant staff members, formulation and implementation of information security related policies and procedures, and information security related training offered to staff.
  4. We will not disclose your personal information to any third party, unless the disclosure is made to comply with laws, regulations and regulatory requirements or according to this Policy or other agreement (if any) or based on your or related parties’ separate consent or authorisation. When we use services provided by external service providers (entities or individuals), we also impose strict confidentiality obligations on them and request them to abide by the security standards of this Policy when processing personal information.
  5. For the security of your personal information, you take on the same responsibility as us. You shall properly take care of your personal information, such as your account information, identity verification information (e.g. user name, password, dynamic password, verification code, etc.), and all the documents, devices or other media that may record or otherwise relate to such information, and shall ensure your personal information and relevant documents, devices or other media are used only in a secured environment. You shall not, at any time, disclose to any other person or allow any other person to use such information and relevant documents, devices or other media. Once you think your personal information and/or relevant documents, devices or other media have been disclosed, lost or stolen, or may otherwise affect the security of your use of our products, devices or services, you shall notify us immediately so that we may take appropriate measures to prevent further loss from occurring.
  6. We will organize regular staff training and drills on emergency response. If unfortunately personal information security incident occurs, we will adopt emergency plan and take relevant actions and remediation measures to mitigate the severity and losses in connection therewith. Meanwhile, we will, following the applicable requirements set out in law and regulation, inform you of the basic information of the security incident and its possible impact, the actions and measures we have taken or will take, suggestions for you to prevent and mitigate the risk, and applicable remediation measures. We will inform you about the security incident by email, mail, call, SMS, push notification or through other methods as appropriate in a timely manner. Where it is difficult to notify each Information Subject, we will post public notice in a reasonable and effective way. Meanwhile, we will report such personal information security incident and our actions in accordance with applicable law, regulation and regulatory requirements.



II. How We Collect Your Personal Information

  1. For the purpose of complying with law, regulation and regulatory provision, or as required for us to provide you or relevant parties with various products and services and continuously improve our products and services, or in order to contact or communicate with you or relevant parties, understand the needs of you or relevant parties, build up, review, maintain and develop our relationship with you or relevant parties, we may receive and keep the personal information provided by yourself or by related parties, or, according to law, regulation, regulatory provision, your or relevant parties’ authorisation or consent, collect, enquire, and verify by proper methods your and/or related parties’ personal information from/with members of the HSBC Group or other third parties (including but not limited to credit reference agencies, information service providers, relevant authorities, employers, counterparties, joint applicants, contact persons, close relatives and other entities/individuals). "HSBC Group" under this Policy means HSBC Holdings plc, and/or any of, its affiliates, subsidiaries, associated entities and any of their branches and offices (together or individually), and "member of the HSBC Group" has the same meaning.
  2. The personal information we so collect may be in paper, electronic or any other forms.
  3. When you visit, browse, use our website and/or applications as a visitor, we may collect information about the browser or device you use (such as IP address, operating system, and browser version), your browsing actions and patterns. We use Cookies and other similar technologies to collect above information. You may disable Cookies by changing your settings (for details, please refer to Article VII of this Policy “How We Use Cookies and Other Technologies”).
    The technical information which cannot identify any individual will not be treated as personal information. However, when such technical information can identify the individual alone or in combination with other information, we will protect it as your personal information.
    We may invite you to subscribe to our newsletter, updates, alerts or to participate in our marketing events or survey via our website and/or applications. If you accept relevant invitation, we may collect the information you provide to us by filling out contact forms or questionnaires, etc. The said information may include name, telephone number, email address, employer name, and job position etc. Refusal to provide such information will not affect your visiting, browsing or using our website and/or applications.
  4. When you are our prospect or existing individual customer/investor or relevant parties to the transactions, in order for us to provide you with our products/services and to handle relevant securities business, we may collect the following information upon your consent or authorization:

     

    Purposes or Functions (Products/Services/ Business)

    Information We May Need to Collect

    To open account; to provide securities products/services relating to securities brokerage, securities investment advisory, investment banking, asset management, trading and other securities company’s businesses, or to subscribe, hold or use securities products/services relating to such businesses; to maintain proper and secure operation of securities company’s business/ services; to prevent and control securities related risk
    1. Personal identity information, including name (include former name or alias), sex, nationality, citizenship, registered residence (Hu Kou), type/number/validity period of ID certificate, occupation, telephone number, e-mail, contact information, birth date, place of birth, marital status, family status, place of residence (include historic address, contact address and permanent address), company/employer and job position, and any relationship with politically exposed person (“PEP”) and relevant information etc.;
    2. Personal property information, including personal income, real property, movable property (e.g. financial assets, etc.), indebtedness, investment, tax residence, taxpayer identification number, etc.;
    3. Personal biometrics information, such as signature, handwriting, portrait, fingerprint, voice, face recognition information, etc.;
    4. Personal account information, including account number, time of account opening, institution with which the account is opened, account balance, account transaction information, etc.;
    5. Personal credit information, including personal property and source of funds, credit transaction information, litigation and investigation information, penalty and any other information about personal credit status;
    6. Personal financial transaction information, including personal information acquired, kept, recorded during any brokerage business, investment banking, asset management, payment and settlement or other financial services, personal information generated from transactions made through us with any third party institution like banks, fund house, futures company, stock exchanges, custodian, payment agency, clearing houses and other financial institution etc.;
    7. Transaction or risk preference, risk appetite, investment intention, investment goal, knowledge and experience;
    8. Any other personal information acquired during the establishment or maintenance of business relationship for the performance of contracts or for compliance with laws and regulations and regulatory requirements, e.g. time/location (including geographic location and network address) of service use, correspondence or other communication records (including video or audio records, call log and correspondence records and contents), device identifier and code, hardware type and serial number, operating system version, software version, IP address, network service provider etc.;
    9. Personal information arising from customer investigation, e.g. personal information collected during customer due diligence, sanction or anti-money laundry checks.

    5.  

    The above information is the basic information we must collect to provide you with our products or services, to perform our contract with you and to comply with laws, regulations and regulatory requirements. If you refuse to provide those information (or the information so provided is incomplete, inaccurate or untrue), you will not be able to use our regular products or services.

  5. When you are a connected person of our prospect or existing non-individual customers or relevant parties to the transactions (including corporate, enterprise, institution and other legal entities) (for the purpose of this Policy, connected person means any other person with whom our prospect or existing non-individual customer has a relationship, including but not limited to, a director, supervisor or employee of a company, partners or members of a partnership, any shareholder, substantial owner, controlling person, or beneficial owner, trustee, settler or protector of a trust, account holder of a designated account, payee of a designated payment, representative, agent or nominee of the account holder, or the account holder’s principal where the account holder is acting on another’s behalf), we may collect the following information upon your or relevant customer’s consent or authorization:

     

    Purposes or Functions (Products/Services Business)

    Information We May Need to Collect

    To provide securities products/services relating to securities brokerage, securities investment advisory, investment banking, asset management, trading and other securities company’s businesses to relevant customers or relevant parties to the transactions; to conduct securities company’s business, to maintain proper and secure operation of securities company’s business/services, to prevent and control securities related risk
    1. Personal identity information, including name (include former name or alias), sex, nationality, type/number/validity period of ID certificate, occupation, job position, relationship with relevant customers (such as employment/shareholding/investment relationship), telephone number, e-mail, contact information, birth date, place of birth, place of residence, work address, photo, personal virtual identity and authentication information (e.g. login information required for corporate internet banking), any relationship with politically exposed person (“PEP”) and relevant information etc.;
    2. Personal biometrics information, such as signature, handwriting, portrait, fingerprint, voice, face recognition information, etc.;
    3. Personal credit information, including personal property and source of funds, litigation and investigation information, penalty and any other information about personal credit status;
    4. Personal information arising from customer investigation, e.g. personal information collected during customer due diligence, sanctions or anti-money laundering checks etc.;
    5. Any other personal information acquired during the establishment or maintenance of business relationship for the performance of contracts or for compliance with laws, regulations and regulatory requirements, e.g. person information included in the customer documentation, personal information arising from any suspicious and unusual activity investigation, correspondence or other communication records(including video or audio records, call log and correspondence records and contents), device identifier and code, hardware type and serial number, operating system version, software version, IP address, network service provider etc.

     

    The above information is the basic information we must collect to provide relevant customer or relevant parties to the transactions with our products or services, to perform our contract with you or relevant customer and to comply with laws, regulations and regulatory requirements. If you refuse to provide those information (or the information so provided is incomplete, inaccurate or untrue), you or relevant customer will not be able to use our regular products or services.

  6. You may decide, at your free choice, to provide us, or allow us to collect from you or any third party as you agree, the following information for the following purposes or functions:

     

    Purposes or Functions Information We Collect

    Message service functions

    Your account and transaction information
    We collect the above information so that we can send you in a timely manner notifications on account balance change and other transaction related notifications.

    Appointment for account opening or other services

    Your name, mobile phone number, ID document type and number, tax residence, address, email, telephone number, fax number

    To provide you with more accurate, personalised and convenient service and improve service experience

    Information you provide when raising your feedback, suggestion or complaint, information you input when participating in campaigns or surveys, category, methods, operation information, operation/transaction records of securities services or functions you use.
    We will conduct analysis on those information and will contact you or provide you with relevant response, service or products based on those information.

    7.  

    You can choose not to provide such information. Your failure to provide such information will make you unable to participate or enjoy the corresponding convenience or functions, but will not affect your normal use of our other services.

  7. Please understand that the securities services we provide are constantly evolving. If you or relevant customers choose to use any other service not listed above for which we have to collect your information, we will separately explain to you or relevant customers, the purposes, methods, and scope of personal information we collect etc., through reminders, alerts, interaction with you, agreements entered into with you or other appropriate method, and obtain your or relevant customers’ consent for that. We will use, store, disclose, and protect your information in accordance with this Policy and other agreements (if any) between you and us. If you or relevant customers choose not to provide certain information, you or relevant customers may be unable to use certain or part of the service, but your or relevant customers’ use of other services we provide will not be affected.



III. How We Use Your Personal Information

  1. We will use your information to realize the purposes and functions mentioned in above Article II of this Policy “How We Collect Your Personal Information”. 
  2. When you visit, browse, use our website and/or applications as a visitor, we may use your information for the following purposes:
    1. to respond to your queries and requests; 
    2. to provide you with information, products or services that you request from us or which we feel may interest you, subject to your prior consent;
    3. to perform contracts or agreements entered into between you and us; 
    4. to allow you to interact with us at our website and/or applications;
    5. to notify you about changes to our website and/or applications;
    6. to ensure the content of our website and/or application is presented in an effective manner on your device; 
    7. to maintain proper and secure operation of website and/or applications as well as securities business, to prevent and control risk, or to detect and prevent misuse or abuse of our website, applications, products or services; 
    8. to meet the compliance obligations of us or the HSBC Group, or to comply with any applicable laws and regulations that we and HSBC Group companies are subject to; and
    9. to make statistics and analysis of the use of our business, products, services or functions. But such statistics will not contain any of your personally identifiable information.
  3. When you are our prospect or existing individual customer or a connected person of our non-individual customers, we may use your information for the following purposes:
    1. to provide you or related parties with products or services, to recognize or verify the identity of you and related parties, or to approve, manage, handle, execute or effect transactions requested or authorised by you or related parties;
    2. to comply with any Applicable Laws (“Applicable Laws” refer to any applicable local or foreign statute, law, regulation, ordinance, rule, judgment, decree, voluntary code, directive, sanctions regime, court order applicable to any member of the HSBC Group, agreement between any member of the HSBC Group and an authority, or agreement or treaty between authorities and applicable to HSBC Qianhai or a member of the HSBC Group) and any order or requirement from any authority;
    3. to perform HSBC Qianhai’s and/or the HSBC Group’s compliance obligations (including regulatory compliance, tax compliance and/or compliance with any Applicable Laws or requirement of any authority), or to implement any policy or procedure made by HSBC Qianhai and/or the HSBC Group for the performance of compliance obligations;
    4. to ensure safe and stable financial services, prevention or prohibition of illegal or incompliant activities, to control or reduce risks, to detect, investigate and prevent any real, suspected or potential financial crime (including money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions, and/or violations, or acts or attempts to circumvent or violate any Applicable Laws relating to these matters) and to manage financial crime risk;
    5. to enforce or defend HSBC Qianhai or any member of the HSBC Group’s rights, or to perform HSBC Qianhai or any member of the HSBC Group’s obligations;
    6. as required by or to fulfil HSBC Qianhai or the HSBC Group’s reasonable operational requirements (including for credit and risk management, data statistics, analysis, processing and handling, archiving and recording, system, product and service design, research, development and improvement, planning, insurance, audit and administrative purposes);
    7. subject to your or relevant parties’ authorization, market or promote relevant products or services to you or relevant parties, to assess your or relevant parties’ interests in relevant products or services, or to conduct market research or survey or satisfaction survey; and
    8. to obtain or utilize administrative, consultancy, telecommunications, computer, payment, data storage, processing, outsourcing and/or other products or services.
  4. The above information collection and use in this Policy shall not impact our use of your information for the purposes as otherwise agreed between you or related parties and us.
  5. If we use your personal information for the purposes other than the purposes of collection and use as set forth in this Policy or in other agreement between you or related parties and us, we shall obtain your consent before using your personal information for such additional purposes.



IV. How We Store Your Personal Information

We comply with Chinese laws and requirements on data storage. When we collect or process your information, we will, according to applicable laws and regulations, regulatory, archival, accounting, auditing or reporting requirements, and the purposes as set forth in this Policy, store your information for a period as minimum as necessary to fulfill the purposes of information collection. To provide the cross-border service, after obtaining your consent, your information may be transferred to abroad. Under this circumstance, we will adopt appropriate, necessary and effective security methods(encryption) to protect your information security. After the retention period expires, we will destroy, delete or de-identify relevant information, or where the destruction, deletion or anonymization is not possible, store your personal information securely and separate it from other data processing. The aforementioned requirements do not apply to the information that needs to be retained according to applicable laws and regulations, regulatory, archival, accounting, auditing or reporting requirements, special agreement between you or relevant customers and us, or for settlement of indebtedness between you or relevant customers and us or bond issuer, or for record check or enquiry from you, relevant customers, regulators or other authorities.




V. How We Share, Transfer and Publicly Disclose Your Personal Information

  1. Entrusted Processing and Sharing

    For the purposes set out above in this Policy, we may provide or disclose all or part of your personal information to the following recipients under the preconditions that such provision or disclosure is necessary and is made with proper protective measures (please refer to Article I of this Policy “How We Protect Your Personal Information” for details) and the recipients may also, for the aforesaid purposes, use, process or further disclose the information they receive provided that corresponding protective measures are adopted pursuant to the applicable laws or our requirements:

    1. any member of the HSBC Group;
    2. any contractor, subcontractor, agent, third party product or service provider, licensor, professional consultant, business partner, or associated person of the HSBC Group (including their employees, directors and officers);
    3. any regulator of HSBC Qianhai or any member of the HSBC Group or any other authority, or any organisation or individual designated by such regulators or authorities;
    4. anyone acting on your or relevant customers' behalf according to your or relevant customers' authorisation or according to law, payment recipients, beneficiaries, intermediary, correspondent and agent banks, stock issuer, sponsor, underwriter and bond trustee, clearing houses, clearing or settlement systems, securities registration and clearing institution, distributors, custodian bank, brokers, market counterparts, upstream withholding agents, swap or trade repositories, stock or future exchanges, financial products quotation and service system, companies in which you or relevant customers have an interest in securities, or anyone making any payment to you or relevant customers;
    5. any person or related party who has the right or obligation, acquires an interest or assumes risk, in or in connection with any product or service you or relevant customers receive from HSBC Qianhai, or any business you handle at HSBC Qianhai or any transaction you make with HSBC Qianhai
    6. other financial institutions, industrial associations (include but not limit to Securities Association of China, Asset Management Association of China) or information service providers;
    7. any third party fund manager providing you or relevant customers with asset management services through us;
    8. any third party to whom we provide referral, agency or intermediary service;
    9. any party in connection with any business/asset transfer, restructure, disposal (including securitisation), merger, spin-off or acquisition transactions of HSBC Qianhai.

    2. Such provision or disclosure will involve cross border transmission of personal information, including information being transmitted to or being accessed from overseas only when the above recipient(s) is an overseas institution/person. Whether it is processed domestically or overseas, in accordance with applicable personal information or data protection legislation, your personal information will be protected by a strict code of secrecy and security which, HSBC Qianhai, other members of the HSBC Group, their staff and third parties are subject to.

    Subject to applicable laws and regulations, we will seek your separate consent and notify you of the data sharing/transferring, including the data receiver's identity, contact information, purpose of processing, method of processing and the type of personal information (if cross-border transfer involved, we will also notify you the manner and method of exercise your right).

  2. Transfer
    Without your separate consent, we will not transfer your personal information to any other company, organization or individual, except in the case of business/asset transfer, restructure, disposal (including securitization), merger, spin-off or acquisition transactions where the transfer is necessary. In such cases, we will inform you of the identity, contact etc. of the personal information recipient according to the requirements of applicable laws and regulations and request the personal information recipient to comply with this Policy. If the personal information recipient changes the purposes, methods etc. of personal information processing under this Policy, it shall re-obtain the consent from you.
  3. Public Disclosure
    We will not disclose your personal information to the public unless we have your separate consent.



VI. Special Circumstances for Information Processing

We will process your information (collection, storage, use, analysis, transfer, provide, disclosure) based on your consent. To the extent allowed by laws and regulations, we may process your personal information without your consent under the following circumstances:

  1. Where it is necessary for entering into a contract or the performance of a contract to which you are the party.
  2. Where it is necessary for compliance with a legal obligation to which we are subject.
  3. Where it is necessary in order to protect your vital interests in an emergency or respond to public health emergencies.
  4. Where it is within reasonable limits in order to carry out news coverage or media supervision for the public interest.
  5. Where it is within reasonable range according to law to process the information has been legally made public or publicized by yourself.
  6. Other circumstances stipulated by laws and regulations.



VII. How We Use Cookies and Other Technologies

  1. Your visit, browse, use of any of our website or mobile device applications may be recorded for analysis on the number of visitors to the site and/or applications, general use patterns and your personal use patterns and improving your experience. Some of this information will be gathered through the use of “Cookies”. Cookies are small bits of information automatically stored on your local terminal, which can be retrieved by your local terminal. Cookies can enable our website or applications to recognise your device and store information about your use of website and/or applications so to provide more useful features to you and to tailor the content of our website/applications to suit your interests and, where permitted by you, to provide you with promotional materials based on your use patterns. We will be able to access the information stored on the Cookies.
    The information collected by Cookies is anonymous aggregated data, and contains no personal information such as name, address, telephone, email address etc.
  2. Our website and/or applications may also work with third parties to research certain use and other activities on the website and/or application. These third parties include without limitation to Doubleclick, Yahoo!, Nielsen//NetRatings, WebTrends, Google and Adobe.They use technologies such as spotlight monitoring, Web Beacons and Cookies etc. to collect information for such research. They use the information collected through such technologies (i) to find out more about users of our website and/or applications, including user demographics and behaviour and use patterns, (ii) for more accurate reporting and (iii) to improve the effectiveness of our marketing. They aggregate the information collected and then share it with us. The data we provide to such companies may include your advertising ID and installation event (refers to data about your first installation or use of our website and/or application). However, we will not collect personally identifiable information about you from such companies or provide such companies with personally identifiable information about you for the purpose of this research .
  3. Most local terminals are initially set to accept Cookies. You can manage or disable Cookies based on your own preference. Should you wish to disable the Cookies, you may do so by changing the setting on your local terminals . However, after changing the setting you may not be able to enjoy the convenience that Cookies bring, but your normal use of other functions of the local terminals will not be affected. Different local terminals offer different methods for setting changes, and you can find information on how to manage cookie settings on certain browsers via the following links.



VIII. Your Rights Relating to Personal Information

  1. You have the right to request us to protect and secure your personal information in accordance with the provisions of the law, regulation and this Policy.
  2. You have the right to check with us whether we hold your personal information and to check and copy the personal information you have provided to us.
  3. You have the right to change the scope of authorization or withdraw your consent, and exercise your right per the method listed in "IX How to contact us". We will not further process the related information once you change your authorization. Please note the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
  4. You have the right and obligation to update your personal information with us to ensure that all the information is accurate and up-to-date. You have the right to request us to provide convenience for you to update your personal information with us and to correct any of your information that is inaccurate.
  5. You have the right to request us to delete or otherwise properly dispose of your personal information that is beyond retention period in accordance with the applicable law and regulation, this Policy, and other agreement between you or relevant customers and us.
  6. This Policy will not restrict other rights of you as the Information Subject under Chinese laws.



IX. How to contact us

  1. Requests for access to, correction or deletion of personal information, for withdrawal of authorisation or disposal of personal information beyond retention period, for a copy of this Policy, or enquiries about our practices regarding personal information and privacy protection, should be addressed to:
    Winni XU Wen Juan

    HSBC Qianhai Securities Limited
    Building 27A&B, Qianhai Enterprise Dream Park, No.63 Qianwan Yi Road, Nanshan District, Shenzhen, China 518052
    E-mail: ibcndmo@hsbcqh.com.cn
    Tel: (86) 0755-88983493 (8:30am - 5:30pm, Monday to Friday during the working days)

  2. For security purpose, you may need to provide the request in written form or use other methods to prove your identity. We may request you to verify your identity before processing your request.
  3. Upon the receipt of your request, we will reply to you within 15 working days or shorter period as prescribed by law and regulation (if any).
  4. We will not charge fees for the processing of your above-mentioned reasonable requests for checking, correcting or otherwise disposing of your personal information. 

    Notwithstanding the foregoing, we may reject your request that is illegal, noncompliant, or unnecessarily repeated, needs excessive technical means (for example, the need to develop information systems or fundamentally change current practices), brings risks to the legitimate rights and interests of others, is unreasonable or beyond technically impracticable requests.

    We may not be able to respond to your request under any of the following circumstances:

    1. where the request is in relation to our legal and financial compliance obligation under laws and regulations;
    2. where the request is in direct relation to state security or national defence security;
    3. where the request is in direct relation to public security, public sanitation, or major public interests;
    4. where the request is in direct relation to criminal investigations, prosecutions, trials, execution of rulings, etc.;
    5. where there is sufficient evidence that you are intentionally malicious or abuse your rights;
    6.  where the purpose is to protect you or other individual's life, property and other substantial legal interests but difficult to acquire your consent;
    7. where responses to your request will give rise to serious damage to your or any other individual or organisation’s legal rights and interests; or
    8. where the request involves any trade secret.
  5. Unless we have your prior consent, we will not send you advertisement promotion message. If at any time you would like us to cease using or providing to others your personal information for advertisement promotion purpose, you are entitled to notify us and exercise your right of choice, not to receive such advertisement promotion any more. If you so choose to reject advertisement promotion message, please contact us by calling (86) 0755-88983493. After receipt of your request we will, as soon as practical (usually no later than 15 working days from your request), take actions to ensure no more advertisement promotion message should be sent to you.
  6. You may supervise or make suggestions for our practices regarding personal information and privacy protection, and lodge complaints or demand compensation according to law against us or our staff for any infringement of your rights and interests in your personal information and privacy.
    If you have any query, complaint, feedback, comment or suggestion, please contact us. You may contact us through the contact information listed in this Policy, by calling our hotline. You may also visit our official website www.hsbcqh.com.cn to enquire t other contact information of us suitable for you.



X. Protection of Minors’ Personal Information

  1. We pay particular attention to protection of the minors’ personal information. We have no intention to collect any minors’ personal information, unless it is agreed by their parents or guardians and it is necessary for the products or services offered to the minors.
  2. If you are under 18 years of age, it is suggested that your parents or guardians should carefully read this Policy and any of your personal information should be provided only after seeking consent from them. Meanwhile, it is suggested that your use of our products and services should be under the guidance of your parents or guardians. If they do not agree you to provide your personal information or to use any of our products or services, you should immediately stop providing the information or stop using our products and services. Please notify us of such event as soon as possible, so as to allow us to take appropriate measures accordingly.
  3. If you are under 18 years of age, for those personal information we collect with the consent of your parents or guardians, we will only use or disclose such information to the extent allowed by law and regulation or expressly consented by your parents or guardians or necessary for protection of the minors’ interests.



XI. Formulation, Effectiveness, Update of this Policy and Others

  1. The Policy is made by us and published at our websites and takes effect on the date of issuance. The Policy may be amended or updated from time to time, particularly in the events of major changes as follows:
    1. Major changes in our service model, such as changes in the purpose of processing personal information, changes in the types of personal information being processed, the use methods of personal information, etc.;
    2. Major changes in our ownership structure, organisational structure, etc., such as changes as result of business adjustments, bankruptcy, mergers, etc.;
    3. Changes in the main objects of personal information sharing, transfer or public disclosure;
    4. Significant changes in your rights relating to personal information or in the methods to exercise such rights;
    5. Changes of our contacts for personal information related requests/enquiries, changes of our contacts for complaint or feedback;
    6. Other major changes which may significantly impact your interests in personal information.
      We will post the changes to the Policy or the updated Policy through pop-ups, announcements, etc. on our website. Changes to the Policy shall not diminish or limit the rights you should have as an Information Subject under Chinese law.
  2. Where you provide to us personal information about another person, you should ensure that person acknowledges this Policy, tell him/her how we may collect and use his/her personal information and obtain the consent of such person. You should remind that person to read this Policy in advance and may also give him/her a copy of this Policy.
  3. In case of discrepancy between the Chinese and English versions of this Policy, the Chinese version shall apply and prevail.